Export limit exceeded: 351192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14908 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-12-30 | 6.3 Medium |
| A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module. Performing manipulation of the argument ID results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The patch is named e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-61188 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-61189 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-51825 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-10-01 | 6.5 Medium |
| JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. | ||||
| CVE-2024-48307 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-06-27 | 9.8 Critical |
| JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | ||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | ||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | ||||
| CVE-2022-45207 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | ||||
| CVE-2022-45206 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | ||||
| CVE-2022-45205 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 5.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | ||||
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2025-04-17 | 9.8 Critical |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | ||||
| CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2025-04-14 | 7.3 High |
| A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-47105 | 1 Jeecg | 1 Jeecg Boot | 2025-04-03 | 9.8 Critical |
| Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | ||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | ||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | ||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | ||||
| CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2025-03-05 | 8.8 High |
| jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | ||||
| CVE-2023-1784 | 1 Jeecg | 1 Jeecg Boot | 2025-02-11 | 5.3 Medium |
| A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. | ||||
| CVE-2023-34659 | 1 Jeecg | 1 Jeecg Boot | 2024-12-17 | 9.8 Critical |
| jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. | ||||
| CVE-2023-34660 | 1 Jeecg | 1 Jeecg Boot | 2024-12-17 | 6.5 Medium |
| jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. | ||||